Reputation: 99
How Referrer-Policy header can secure a website?
I'm trying to get my website as secure as possible. I'm reading about headers and I should add a Referrer-Policy. However, I'm not sure to understand how this header can make my website more secure.
To be honest, I'm not sure to know how it works. I think the browser get as referrer the previous link.
My website use HTTP not yet HTTPS and I don't know which referrers should I use. I think the default is Referrer-Policy: no-referrer-when-downgrade, but my website use HTTP so that's useless.
Upvotes: 1
Views: 1707
Answers (1)
Reputation: 410
its been a while utile you ask but your best answer is here
and according to this blog its how Referrer-Policy works :
When a user clicks a link on one site, the origin, that takes them to another site, the destination, the destination site receives information about the origin the user came from. This is how we get metrics like those provided by Google Analytics on where our traffic came from. I know that 4,000 users came from Twitter this week because when they visit my site they set the referer[sic] header in their request.
in simple word, it's about users privacy!
Upvotes: 2
Related Questions
- In what cases will HTTP_REFERER be empty
- referrer policy header not working apache .htaccess
- Headers are not setting using Referrer-Policy
- Remove http referer
- Why isn't the the Referer header removed for Google HTTPS -> HTTP?
- <meta name='referrer'> works, Referrer-Policy header does not
- Securing HTTP referer
- How does javascript's referrer property work under the hood
- When do browsers send referrers? How to prevent this?
- Is HTTP_REFERER set by client